devsecops-engine-tools 1.59.0__tar.gz → 1.60.1__tar.gz

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.59.0
+Version: 1.60.1
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -76,7 +76,7 @@ pip3 install devsecops-engine-tools
 ### Scan running - flags (CLI)
 
 ```bash
-devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --module ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --tool ["nuclei", "bearer", "checkov", "kics", "kubescape", "trufflehog", "gitleaks", "prisma", "trivy", "xray", "dependency_check"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit","build-scan"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
+devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_source ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --module ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --tool ["nuclei", "bearer", "checkov", "kics", "kubescape", "trufflehog", "gitleaks", "prisma", "trivy", "xray", "dependency_check"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit","build-scan"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
 ```
 
 ### Structure Remote Config
@@ -186,7 +186,7 @@ $ set +a
 
 
 ```bash
-devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Remote_Config --module engine_iac
+devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo DevSecOps_Remote_Config --module engine_iac
 
 ```
 
@@ -200,13 +200,13 @@ devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Re
 docker pull bancolombia/devsecops-engine-tools
 ```
 ```bash
-docker run --rm -v ./folder_to_analyze:/folder_to_analyze bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_repo docker_default_remote_config --module engine_iac --folder_path /folder_to_analyze
+docker run --rm -v ./folder_to_analyze:/folder_to_analyze bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo docker_default_remote_config --module engine_iac --folder_path /folder_to_analyze
 ```
 
 The docker image have it own default remote config with basic configuration called docker_default_remote_config, but you can define your own config and pass it as volume
 
 ```bash
-docker run --rm -v ./folder_to_analyze:/folder_to_analyze -v ./custom_remote_config:/custom_remote_config bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_repo custom_remote_config --module engine_iac --folder_path /folder_to_analyze
+docker run --rm -v ./folder_to_analyze:/folder_to_analyze -v ./custom_remote_config:/custom_remote_config bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo custom_remote_config --module engine_iac --folder_path /folder_to_analyze
 ```
 
 
@@ -236,7 +236,7 @@ stages:
           - script: |
               # Install devsecops-engine-tools
               pip3 install -q devsecops-engine-tools
-              devsecops-engine-tools --platform_devops azure --remote_config_repo remote_config --module engine_iac
+              devsecops-engine-tools --platform_devops azure --remote_config_source azure --remote_config_repo remote_config --module engine_iac
             displayName: "Engine Tools"
         env:
           SYSTEM_ACCESSTOKEN: $(System.AccessToken)
@@ -287,7 +287,7 @@ jobs:
         run: |
           # Install devsecops-engine-tools
           pip3 install -q devsecops-engine-tools
-          output=$(devsecops-engine-tools --platform_devops github --remote_config_repo remote_config --module engine_iac)
+          output=$(devsecops-engine-tools --platform_devops github --remote_config_source github --remote_config_repo remote_config --module engine_iac)
           echo "$output"
           if [[ $output == *"✘Failed"* ]]; then
             exit 1

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -65,6 +65,14 @@ def get_inputs_from_cli(args):
         required=True,
         help="Platform where is executed",
     )
+    parser.add_argument(
+        "-rcs",
+        "--remote_config_source",
+        choices=["azure", "github", "local"],
+        type=str,
+        required=True,
+        help="Source of the remote config repo",
+    )
     parser.add_argument(
         "-rcf",
         "--remote_config_repo",
@@ -236,6 +244,7 @@ def get_inputs_from_cli(args):
         "platform_devops": args.platform_devops,
         "remote_config_repo": args.remote_config_repo,
         "remote_config_branch": args.remote_config_branch,
+        "remote_config_source": args.remote_config_source,
         "tool": args.tool,
         "module": args.module,
         "folder_path": args.folder_path,
@@ -269,6 +278,11 @@ def application_core():
             "github": GithubActions(),
             "local": RuntimeLocal(),
         }.get(args["platform_devops"])
+        remote_config_source_gateway = {
+            "azure": AzureDevops(),
+            "github": GithubActions(),
+            "local": RuntimeLocal(),
+        }.get(args["remote_config_source"])
         metrics_manager_gateway = S3Manager()
         printer_table_gateway = PrinterPrettyTable()
         sbom_tool_gateway = Syft()
@@ -277,6 +291,7 @@ def application_core():
             vulnerability_management_gateway,
             secrets_manager_gateway,
             devops_platform_gateway,
+            remote_config_source_gateway,
             printer_table_gateway,
             metrics_manager_gateway,
             sbom_tool_gateway,

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py

@@ -31,11 +31,13 @@ class HandleRisk:
         vulnerability_management: VulnerabilityManagementGateway,
         secrets_manager_gateway: SecretsManagerGateway,
         devops_platform_gateway: DevopsPlatformGateway,
+        remote_config_source_gateway: DevopsPlatformGateway,
         print_table_gateway: PrinterTableGateway,
     ):
         self.vulnerability_management = vulnerability_management
         self.secrets_manager_gateway = secrets_manager_gateway
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
         self.print_table_gateway = print_table_gateway
 
     def _get_all_from_vm(self, dict_args, secret_tool, remote_config, service):
@@ -85,7 +87,7 @@ class HandleRisk:
         return filtered_engagements
 
     def _exclude_services(self, dict_args, pipeline_name, service_list):
-        risk_exclusions = self.devops_platform_gateway.get_remote_config(
+        risk_exclusions = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
         )
         if (
@@ -128,10 +130,10 @@ class HandleRisk:
         )
 
     def process(self, dict_args: any, remote_config: any):
-        risk_config = self.devops_platform_gateway.get_remote_config(
+        risk_config = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_risk/ConfigTool.json", dict_args["remote_config_branch"]
         )
-        risk_exclusions = self.devops_platform_gateway.get_remote_config(
+        risk_exclusions = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
         )
         pipeline_name = self.devops_platform_gateway.get_variable("pipeline_name")
@@ -227,6 +229,7 @@ class HandleRisk:
             exclusions,
             [service.name for service in new_service_list],
             self.devops_platform_gateway,
+            self.remote_config_source_gateway,
             self.print_table_gateway,
         )
 

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py

@@ -53,11 +53,13 @@ class HandleScan:
         vulnerability_management: VulnerabilityManagementGateway,
         secrets_manager_gateway: SecretsManagerGateway,
         devops_platform_gateway: DevopsPlatformGateway,
+        remote_config_source_gateway: DevopsPlatformGateway,
         sbom_tool_gateway: SbomManagerGateway,
     ):
         self.vulnerability_management = vulnerability_management
         self.secrets_manager_gateway = secrets_manager_gateway
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
         self.sbom_tool_gateway = sbom_tool_gateway
 
     def process(self, dict_args: any, config_tool: any):
@@ -74,6 +76,7 @@ class HandleScan:
                 config_tool["ENGINE_IAC"]["TOOL"],
                 secret_tool,
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway,
                 env,
             )
             self._use_vulnerability_management(
@@ -86,6 +89,7 @@ class HandleScan:
                 config_tool["ENGINE_CONTAINER"]["TOOL"],
                 secret_tool,
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway
             )
             self._use_vulnerability_management(
                 config_tool,
@@ -102,6 +106,7 @@ class HandleScan:
                 config_tool["ENGINE_DAST"],
                 secret_tool,
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway,
             )
             self._use_vulnerability_management(
                 config_tool, input_core, dict_args, secret_tool, env
@@ -112,6 +117,7 @@ class HandleScan:
                 dict_args,
                 config_tool["ENGINE_CODE"]["TOOL"],
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway
             )
             self._use_vulnerability_management(
                 config_tool, input_core, dict_args, secret_tool, env
@@ -122,6 +128,7 @@ class HandleScan:
                 dict_args,
                 config_tool["ENGINE_SECRET"]["TOOL"],
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway,
                 secret_tool,
             )
             self._use_vulnerability_management(
@@ -134,6 +141,7 @@ class HandleScan:
                 config_tool,
                 secret_tool,
                 self.devops_platform_gateway,
+                self.remote_config_source_gateway,
                 self.sbom_tool_gateway,
             )
             self._use_vulnerability_management(

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py

@@ -19,12 +19,13 @@ def init_engine_core(
     vulnerability_management_gateway: any,
     secrets_manager_gateway: any,
     devops_platform_gateway: any,
+    remote_config_source_gateway: any,
     print_table_gateway: any,
     metrics_manager_gateway: any,
     sbom_tool_gateway: any,
     args: any
 ):
-    config_tool = devops_platform_gateway.get_remote_config(
+    config_tool = remote_config_source_gateway.get_remote_config(
         args["remote_config_repo"], "/engine_core/ConfigTool.json", args["remote_config_branch"]
     )
     Printers.print_logo_tool(config_tool["BANNER"])
@@ -35,6 +36,7 @@ def init_engine_core(
                 vulnerability_management_gateway,
                 secrets_manager_gateway,
                 devops_platform_gateway,
+                remote_config_source_gateway,
                 print_table_gateway,
             ).process(args, config_tool)
 
@@ -46,6 +48,7 @@ def init_engine_core(
                 vulnerability_management_gateway,
                 secrets_manager_gateway,
                 devops_platform_gateway,
+                remote_config_source_gateway,
                 sbom_tool_gateway
             ).process(args, config_tool)
 

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py

@@ -37,7 +37,7 @@ from devsecops_engine_tools.engine_utilities import settings
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
-def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway):
+def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway, remote_config_source_gateway):
     try:
         if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool
             tool_run = NucleiTool()
@@ -104,7 +104,7 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gate
         )
     except Exception as e:
         logger.error(f"Error engine_dast: {e}")
-        config_tool_dast = devops_platform_gateway.get_remote_config(
+        config_tool_dast = remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_dast/ConfigTool.json", dict_args["remote_config_branch"]
         )
         if config_tool_dast["IGNORE_ERRORS"]:

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py

@@ -21,11 +21,13 @@ class DastScan:
         self,
         tool_gateway: ToolGateway,
         devops_platform_gateway: DevopsPlatformGateway,
+        remote_config_source_gateway: DevopsPlatformGateway,
         data_target,
         aditional_tools: "List[ToolGateway]"
     ):
         self.tool_gateway = tool_gateway
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
         self.data_target = data_target
         self.other_tools = aditional_tools
 
@@ -56,11 +58,11 @@ class DastScan:
     def process(
         self, dict_args, secret_tool, config_tool
     ) -> "Tuple[List, InputCore]":
-        init_config_tool = self.devops_platform_gateway.get_remote_config(
+        init_config_tool = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_dast/ConfigTool.json"
         )
 
-        exclusions = self.devops_platform_gateway.get_remote_config(
+        exclusions = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"],
             "engine_dast/Exclusions.json"
         )

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py

@@ -4,6 +4,7 @@ from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import (
 
 def init_engine_dast(
     devops_platform_gateway,
+    remote_config_source_gateway,
     tool_gateway,
     dict_args,
     secret_tool,
@@ -11,5 +12,5 @@ def init_engine_dast(
     extra_tools,
     target_data
 ):
-    dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools)
+    dast_scan = DastScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, target_data, extra_tools)
     return dast_scan.process(dict_args, secret_tool, config_tool)

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_risk/src/applications/runner_engine_risk.py

@@ -18,6 +18,7 @@ def runner_engine_risk(
     vm_exclusions,
     services,
     devops_platform_gateway,
+    remote_config_source_gateway,
     print_table_gateway,
 ):
     add_epss_gateway = FirstCsv()
@@ -25,6 +26,7 @@ def runner_engine_risk(
     return init_engine_risk(
         add_epss_gateway,
         devops_platform_gateway,
+        remote_config_source_gateway,
         print_table_gateway,
         dict_args,
         findings,

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py

@@ -8,6 +8,7 @@ class GetExclusions:
     def __init__(
         self,
         devops_platform_gateway,
+        remote_config_source_gateway,
         dict_args,
         findings,
         risk_config,
@@ -16,6 +17,7 @@ class GetExclusions:
         active_findings,
     ):
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
         self.dict_args = dict_args
         self.findings = findings
         self.risk_config = risk_config
@@ -24,7 +26,7 @@ class GetExclusions:
         self.active_findings = active_findings
 
     def process(self):
-        core_config = self.devops_platform_gateway.get_remote_config(
+        core_config = self.remote_config_source_gateway.get_remote_config(
             self.dict_args["remote_config_repo"],
             "engine_core/ConfigTool.json",
             self.dict_args["remote_config_branch"],
@@ -49,7 +51,7 @@ class GetExclusions:
         return self._get_exclusions(self.risk_exclusions, "RISK")
 
     def _get_exclusions_by_practice(self, core_config, practice, path):
-        exclusions_config = self.devops_platform_gateway.get_remote_config(
+        exclusions_config = self.remote_config_source_gateway.get_remote_config(
             self.dict_args["remote_config_repo"],
             path,
             self.dict_args["remote_config_branch"],

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py

@@ -24,18 +24,19 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 def init_engine_risk(
     add_epss_gateway,
     devops_platform_gateway,
+    remote_config_source_gateway,
     print_table_gateway,
     dict_args,
     findings,
     services,
     vm_exclusions,
 ):
-    remote_config = devops_platform_gateway.get_remote_config(
+    remote_config = remote_config_source_gateway.get_remote_config(
         dict_args["remote_config_repo"],
         "engine_risk/ConfigTool.json",
         dict_args["remote_config_branch"],
     )
-    risk_exclusions = devops_platform_gateway.get_remote_config(
+    risk_exclusions = remote_config_source_gateway.get_remote_config(
         dict_args["remote_config_repo"],
         "engine_risk/Exclusions.json",
         dict_args["remote_config_branch"],
@@ -61,6 +62,7 @@ def init_engine_risk(
 
     get_exclusions = GetExclusions(
         devops_platform_gateway,
+        remote_config_source_gateway,
         dict_args,
         data_added,
         remote_config,

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py

@@ -8,7 +8,7 @@ from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run impo
     GitRun
 )
 
-def runner_engine_code(dict_args, tool, devops_platform_gateway):
+def runner_engine_code(dict_args, tool, devops_platform_gateway, remote_config_source_gateway):
     try:
         tool_gateway = None
         git_gateway = GitRun()
@@ -17,6 +17,7 @@ def runner_engine_code(dict_args, tool, devops_platform_gateway):
 
         return init_engine_sast_code(
             devops_platform_gateway=devops_platform_gateway,
+            remote_config_source_gateway=remote_config_source_gateway,
             tool_gateway=tool_gateway,
             dict_args=dict_args,
             git_gateway=git_gateway,

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py

@@ -25,14 +25,16 @@ class CodeScan:
         self,
         tool_gateway: ToolGateway,
         devops_platform_gateway: DevopsPlatformGateway,
+        remote_config_source_gateway: DevopsPlatformGateway,
         git_gateway: GitGateway,
     ):
         self.tool_gateway = tool_gateway
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
         self.git_gateway = git_gateway
 
     def set_config_tool(self, dict_args):
-        init_config_tool = self.devops_platform_gateway.get_remote_config(
+        init_config_tool = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_sast/engine_code/ConfigTool.json", dict_args["remote_config_branch"]
         )
         scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
@@ -88,7 +90,7 @@ class CodeScan:
 
     def process(self, dict_args, tool):
         config_tool = self.set_config_tool(dict_args)
-        exclusions_data = self.devops_platform_gateway.get_remote_config(
+        exclusions_data = self.remote_config_source_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_sast/engine_code/Exclusions.json"
         )
         list_exclusions, skip_tool = self.get_exclusions(tool, exclusions_data)

devsecops_engine_tools-1.60.1/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py

@@ -0,0 +1,6 @@
+from devsecops_engine_tools.engine_sast.engine_code.src.domain.usecases.code_scan import (
+    CodeScan,
+)
+
+def init_engine_sast_code(devops_platform_gateway, remote_config_source_gateway, tool_gateway, dict_args, git_gateway, tool):
+    return CodeScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, git_gateway).process(dict_args, tool)

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py

@@ -12,7 +12,7 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_ada
 )
 
 
-def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env):
+def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, remote_config_source_gateway, env):
     try:
         # Define driven adapters for gateways
         tool_gateway = None
@@ -28,6 +28,7 @@ def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env
 
         return init_engine_sast_rm(
             devops_platform_gateway=devops_platform_gateway,
+            remote_config_source_gateway=remote_config_source_gateway,
             tool_gateway=tool_gateway,
             dict_args=dict_args,
             secret_tool=secret_tool,

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/context_iac.py

@@ -1,5 +1,6 @@
 from dataclasses import dataclass
 
+
 @dataclass
 class ContextIac:
     id: str
@@ -10,4 +11,4 @@ class ContextIac:
     resource: str
     description: str
     module: str
-    tool: str
+    tool: str

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py

@@ -1,12 +1,11 @@
 from abc import ABCMeta, abstractmethod
 
+
 class ToolGateway(metaclass=ABCMeta):
     @abstractmethod
     def run_tool(self, config_tool, folders_to_scan, **kwargs):
         "run_tool"
 
-    @classmethod
-    def get_iac_context_from_results(
-        self, path_file_results
-    ) -> None:
-        "get_iac_context_from_results"
+    @abstractmethod
+    def get_iac_context_from_results(self, path_file_results) -> None:
+        "get_iac_context_from_results"

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py

@@ -20,21 +20,26 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 class IacScan:
     def __init__(
-        self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway
+        self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway, remote_config_source_gateway: DevopsPlatformGateway
     ):
         self.tool_gateway = tool_gateway
         self.devops_platform_gateway = devops_platform_gateway
+        self.remote_config_source_gateway = remote_config_source_gateway
 
     def process(self, dict_args, secret_tool, tool, env):
-        config_tool_iac = self.devops_platform_gateway.get_remote_config(
-            dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json", dict_args["remote_config_branch"]
+        config_tool_iac = self.remote_config_source_gateway.get_remote_config(
+            dict_args["remote_config_repo"],
+            "engine_sast/engine_iac/ConfigTool.json",
+            dict_args["remote_config_branch"],
         )
 
-        exclusions = self.devops_platform_gateway.get_remote_config(
-            dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json", dict_args["remote_config_branch"]
+        exclusions = self.remote_config_source_gateway.get_remote_config(
+            dict_args["remote_config_repo"],
+            "engine_sast/engine_iac/Exclusions.json",
+            dict_args["remote_config_branch"],
         )
 
-        config_tool_core, folders_to_scan, skip_tool = self.complete_config_tool(
+        config_tool_core, folders_to_scan, skip_tool = self._complete_config_tool(
             config_tool_iac, exclusions, tool, dict_args
         )
 
@@ -54,12 +59,10 @@ class IacScan:
             print("Tool skipped by DevSecOps policy")
             dict_args["send_metrics"] = "false"
             dict_args["use_vulnerability_management"] = "false"
-        
+
         if dict_args.get("context") == "true":
-            self.tool_gateway.get_iac_context_from_results(
-                path_file_results
-            )
-            
+            self.tool_gateway.get_iac_context_from_results(path_file_results)
+
         totalized_exclusions = []
         (
             totalized_exclusions.extend(
@@ -95,7 +98,7 @@ class IacScan:
 
         return findings_list, input_core
 
-    def complete_config_tool(self, data_file_tool, exclusions, tool, dict_args):
+    def _complete_config_tool(self, data_file_tool, exclusions, tool, dict_args):
         config_tool = ConfigTool(json_data=data_file_tool)
 
         config_tool.exclusions = exclusions
@@ -137,7 +140,7 @@ class IacScan:
 
             folders_to_scan = [dict_args["folder_path"]]
         else:
-            folders_to_scan = self.search_folders(config_tool.search_pattern)
+            folders_to_scan = self._search_folders(config_tool.search_pattern)
 
         if len(folders_to_scan) == 0:
             logger.warning(
@@ -147,7 +150,7 @@ class IacScan:
 
         return config_tool, folders_to_scan, skip_tool
 
-    def search_folders(self, search_pattern):
+    def _search_folders(self, search_pattern):
         current_directory = os.getcwd()
         patron = "(?i).*?(" + "|".join(search_pattern) + ").*$"
         folders = [
@@ -160,4 +163,4 @@ class IacScan:
             for folder in folders
             if re.match(patron, folder)
         ]
-        return matching_folders
+        return matching_folders

{devsecops_engine_tools-1.59.0 → devsecops_engine_tools-1.60.1}/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py

@@ -5,6 +5,7 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
 from datetime import datetime
 from dataclasses import dataclass
 
+
 @dataclass
 class CheckovDeserealizator:
     @classmethod
@@ -16,20 +17,24 @@ class CheckovDeserealizator:
         for result in results_scan_list:
             if "failed_checks" in str(result):
                 for scan in result["results"]["failed_checks"]:
-                    check_id = scan.get("check_id") 
+                    check_id = scan.get("check_id")
                     if not rules.get(check_id):
                         description = scan.get("check_name")
                         severity = default_severity.lower()
                         category = default_category.lower()
                     else:
-                        description = rules[check_id].get("checkID", scan.get("check_name"))
+                        description = rules[check_id].get(
+                            "checkID", scan.get("check_name")
+                        )
                         severity = rules[check_id].get("severity").lower()
                         category = rules[check_id].get("category").lower()
 
                     finding_open = Finding(
                         id=check_id,
                         cvss=None,
-                        where=scan.get("repo_file_path") + ": " + str(scan.get("resource")),
+                        where=scan.get("repo_file_path")
+                        + ": "
+                        + str(scan.get("resource")),
                         description=description,
                         severity=severity,
                         identification_date=datetime.now().strftime("%d%m%Y"),
@@ -37,10 +42,8 @@ class CheckovDeserealizator:
                         module="engine_iac",
                         category=Category(category),
                         requirements=scan.get("guideline"),
-                        tool="Checkov"
+                        tool="Checkov",
                     )
-                    list_open_findings.append(finding_open)      
-       
+                    list_open_findings.append(finding_open)
+
         return list_open_findings
-    
-